Board Development & Technical Discussion
Re: Thoughts on burner addresses
by
larry_vw_1955
on 09/06/2022, 04:57:13 UTC
Quote
Now there are 127 qubit computers. And they cannot factor 6 bit numbers.
And you come to that conclusion how?


Quote
If the time comes that the ECDLP is broken by quantum computer and we can no longer rely on elliptic curve cryptography, then bitcoin will and must fork to some quantum resistant algorithm.
Better sooner than later then. The sooner the better. But they can't do it sooner, you said, because it needs time for research. But NIST already is in its final stages, and Bitcoin will probably have to go with something they crown, whether that's good or bad.

Quote
The question you are posing is how to go about doing that. Saying that you don't think it's reasonable to expect people to send their bitcoin to a new address type is missing the point - if ECDLP is broken, then all current addresses are vulnerable. We can't make ECDLP magically secure again and let people continue to use their current addresses.
Well, the reason I say it's not reasonable is that not everyone is going to be able to move their bitcoins. Most people that used bitcoin in the past, and probably many of them today, think that their bitcoin is safe forever and there would be no need to ever change anything about it. But some people won't be alive; maybe they gifted their bitcoin to some future descendants in a will or something, maybe using something like nLockTime. So all the descendant has is a (hopefully) secret transaction they can broadcast at some future time. They won't have any private key, so they won't be able to "move any funds" to a new address type without first letting them go to the old address type first. Now you can say that is dumb inheritance planning, but maybe the best they could do is put it in a bank deposit vault and that's it.

Quote
The only option is to introduce a new quantum resistant address type and give everybody plenty of time to move across to it (in the order of several years).
Well, how would you prove quantum resistance? Or would you just cross your fingers and hope it was? Because if it ever got cracked then bitcoin would really be in trouble. So whatever address type they move to, they better get it right the first time is all I can say; I don't think they get a second shot.

Quote
What happens with coins that don't move becomes the real issue here - do we either decide as a community to permanently lock them* so they can never be moved again, or do we just ignore them and let them be stolen by whoever manages to first and then re-enter the general circulation. I am in favor of the latter option.
Well, you're assuming it has to be one or the other. If someone didn't spend using the address then no one is going to crack it unless they can crack hash functions, which is not realistically possible. Now all they have to do is get a bitcoin mining setup and try and mine their own transactions, and don't broadcast their transaction but just mine a block it is in.


Quote
*Perhaps the best option, but one which would need a lot more work to be viable, would be to lock all these coins but provide a mechanism to unlock them if the real owner can provide some quantum-resistant proof that they are indeed the real owner. An example would be if I could prove that I owned the seed phrase which generated a given wallet or address. Such a mechanism (if developed) would only solve this issue for seed phrase generated addresses though, and there are a lot of vulnerable coins in P2PK address and other non HD wallets that this does not address.

Well if you could pull something like that off, you might as well just use it as your new signature scheme to replace the broken one. No need for a new quantum resistant address. For seed phrases anyway...but why couldn't it apply to other things too? If it can work with a seed phrase why not with any other piece of information?